💼 Identity Management, Authentication and Access Control (PR.AC)
- Contextual name: 💼 Identity Management, Authentication and Access Control (PR.AC)
- ID:
/frameworks/nist-csf-v1.1/pr-ac
- Located in: 💼 NIST CSF v1.1
Description​
Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.
Similar​
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
| 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes | | 19 | 30 | |
| 💼 PR.AC-2: Physical access to assets is managed and protected | | | | |
| 💼 PR.AC-3: Remote access is managed | | | 1 | |
| 💼 PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties | | 17 | 52 | |
| 💼 PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation) | | 10 | 22 | |
| 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions | | 4 | 13 | |
| 💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks) | | 19 | 23 | |